Nvidia: Security Vulnerabilities
NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.
CVSS Score
8.0
EPSS Score
0.005
Published
2023-09-20
NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.
CVSS Score
8.0
EPSS Score
0.007
Published
2023-09-20
NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit may lead to denial of service.
CVSS Score
6.5
EPSS Score
0.003
Published
2023-09-20
NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
CVSS Score
7.8
EPSS Score
0.002
Published
2023-09-20
NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. A successful exploit may lead to information disclosure.
CVSS Score
7.5
EPSS Score
0.005
Published
2023-09-20
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges.
CVSS Score
7.8
EPSS Score
0.002
Published
2023-09-12
NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.
CVSS Score
4.0
EPSS Score
0.003
Published
2023-08-03
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-07-04
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-07-04
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-07-04